Security

"For year-end 2007, we have compiled the Top 5 Most Overlooked Open Source Vulnerabilities encountered during 2007. We came up with this list after reviewing over 300 million lines of code and spending literally thousands of hours of analysis across a wide range of industries - including technology, financial services and government, among others."

"Two weeks ago I was in L.A., jumping from meeting after meeting, and at the end of every meeting, I asked everyone what they saw in the Identity and Access Management road ahead. I got some great answers, which you can peruse right here, and just this morning, I got these additional answers from Baber Amin of Novell, and definitely thought they were worth adding to the discussion. And hey, it is the holidays, so I can certainly forgive a little lateness."

Breach Security announced today that the Breach Security WebDefend web application firewall has earned certification by ICSA Labs, an independent division of Verizon. WebDefend is one of the first web application firewall products to achieve this distinction.

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.18 (Version 3.0, Release 18). This release includes many updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, and a few new features.

Multiple vulnerabilities have been identified in IBM Lotus Notes for Linux, which could be exploited by malicious users to bypass security restrictions and potentially compromise a vulnerable system. These issues are caused due to insecure permissions being set on extracted binaries and the installdata file when executing the installer program, which could be exploited by a local attacker to modify arbitrary files such that subsequent installs performed by the root user could deploy malicious content or code to end user systems.

Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users and by malicious people to cause a DoS (Denial of Service). The vulnerabilities are reported in versions prior to 2.6.23.8.

Launched by Guardian Digital with: brand new daemon control functionality, improved password shadowing, load balancing improvements and much more. EnGarde Secure Linux is a fully-functional platform engineered from the ground up for high levels of security explicitly for server operations.

Log Analysis (i.e. LIDS - Log-Based Intrusion Detection) can be a very powerful tool to complement NIDS/HIDS and improve network security. I pointed out some of its benefits in the following articles: Log analysis for intrusion detection and Log analysis using OSSEC.

However, like any other technology, when not done properly, it can add new security vulnerabilities and end up causing more harm than good.